From owner-freebsd-net@FreeBSD.ORG Mon Jun 25 07:05:20 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 339A416A46C for ; Mon, 25 Jun 2007 07:05:20 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id EA66F13C4B0 for ; Mon, 25 Jun 2007 07:05:19 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 0409C1FFC5D; Mon, 25 Jun 2007 09:05:18 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id 0146D1FFC5A; Mon, 25 Jun 2007 09:05:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 806A04448D5; Mon, 25 Jun 2007 07:03:38 +0000 (UTC) Date: Mon, 25 Jun 2007 07:03:38 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: blue In-Reply-To: <467F65A0.9010900@zyxel.com.tw> Message-ID: <20070625070055.P98813@maildrop.int.zabbadoz.net> References: <467F65A0.9010900@zyxel.com.tw> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: freebsd-net@freebsd.org Subject: Re: Questions about PF_KEY interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2007 07:05:20 -0000 On Mon, 25 Jun 2007, blue wrote: > Dear all: > > I found there are two directories about PF_KEY interface: netkey and netipsec > under $FreeBSD src$\sys\. > > Looking into the makefile, the one that is currently used and built in is > netkey. > > However, I am wondering what's the purpose for netipsec? netipsec is an anlternate, locked IPsec implementation and soonish will be the only one left in the tree. By that point userspace will be changed to use netipsec/*.h and no longer netkey/*.h which will be gone. In case you are interested testing patches, let me know. /bz -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.